-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Jul 2026 15:43:31 -0600 Source: wolfssl Binary: libwolfssl-dev libwolfssl42t64 Architecture: armhf Version: 5.7.2-0.1+deb13u2 Distribution: trixie Urgency: high Maintainer: armhf Build Daemon (arm-ubc-06) Changed-By: Jacob Barthelmeh Description: libwolfssl-dev - Development files for the wolfSSL encryption library libwolfssl42t64 - wolfSSL encryption library Changes: wolfssl (5.7.2-0.1+deb13u2) trixie; urgency=high . * Backport upstream security fixes. (See #1140765, #1140815) * CVE-2026-5194: require certificate signature OID to match issuer key OID. * CVE-2026-55960: validate negotiated certificate type for raw public keys. * CVE-2026-55961: reject degenerate certs-only PKCS#7 in PKCS7_verify. * CVE-2026-55962: require client cert on outstanding TLS 1.3 post- handshake auth. * CVE-2026-55967: reject AES-GCM cumulative size overflow in streaming update. * CVE-2026-6092: enforce Encrypt-then-MAC on the TLS resumption path. * CVE-2026-6094: bound encrypted content size in PKCS7 EnvelopedData. * CVE-2026-6325: bound index in SetSuitesHashSigAlgo to prevent OOB write. * CVE-2026-6329: reject PKCS#12 MAC length mismatch. * CVE-2026-6331: require exact HMAC tag length in EVP_DigestVerifyFinal. * CVE-2026-6450: reject CRLs with unrecognized critical extensions. * CVE-2026-6678: fix integer underflow in wc_PKCS7_DecryptOri. * CVE-2026-6681: respect caller output buffer size in PKCS7 decode. * CVE-2026-6731: apply DNS name constraints to Subject CN when no SAN. * CVE-2026-7511: report the verifying cert as the PKCS#7 signer. Checksums-Sha1: 09e2d0b1ae7b86a0d1a44445c0b9bd8e7215707a 1305268 libwolfssl-dev_5.7.2-0.1+deb13u2_armhf.deb 05336c2205b3a0067d3bb5068adcf80639dc8779 864240 libwolfssl42t64_5.7.2-0.1+deb13u2_armhf.deb 6f83666ce064db72e364d2ca2e451d71518850e2 6113 wolfssl_5.7.2-0.1+deb13u2_armhf-buildd.buildinfo Checksums-Sha256: f51ace243a2c4e766ffd5266f9725649b5d26f61f047415eaab71b636c4ca3ee 1305268 libwolfssl-dev_5.7.2-0.1+deb13u2_armhf.deb b212c16778c15a926bef3812f59812681b01401ec98d92d7fae083b1150bc056 864240 libwolfssl42t64_5.7.2-0.1+deb13u2_armhf.deb 1ad057c4473afde233d3beaf79f58244b06899aa7c3db2ce96cd2bae0f46d615 6113 wolfssl_5.7.2-0.1+deb13u2_armhf-buildd.buildinfo Files: 22b4bd6ee36f63cfcba0958abe0ed74a 1305268 libdevel optional libwolfssl-dev_5.7.2-0.1+deb13u2_armhf.deb 9e2c9e0eb72832ee356672dd59fc77fb 864240 libs optional libwolfssl42t64_5.7.2-0.1+deb13u2_armhf.deb cff3fa79e9e1add8707dbee76fbcfe44 6113 libs optional wolfssl_5.7.2-0.1+deb13u2_armhf-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBOUsBrtd5lcy6oRfutMAkCxKbL0FAmpZ/V4ACgkQutMAkCxK bL2ocQ/+JHgnREATwWXj8As9Bf2FHTqciBIiR/NEpeeGywcMWVcp4CT84hn+nr8z aagPn/5c+J4+Ar1PH/n2BPwxl3xmLmkZAKUBd9K2i+14cxQC/cWPY+w5UU5gcwkG xwDEQLt29tGm+CDuCAn5VJsqyEubpL0irQHm0HgrDz1uL36epJPrqZkvO57EQtaL 7DCbO/7tVVpVmQ5UFApBk2f1tcO/n8ZETuePF4RXTlYV+wQHFIFG3J9V9ILXwxWQ UTqI19LkF5q7tAlN1F0fyDbWrTMoeo6lJXTi+5ubSdV71GxYfLkJmCgiubMIXBnn 6pOjko5Gjbeyhu9eDCAmX5b2Nd7B016BDwk6EaabwG+K5KOzhMuntST68GVoB3Fv X6fW59L+ZJJQBmIE5XI4vl67cvI29xtUKwLqLvS6tCtvkpo8jz6bifQwC6Pk6Z14 x8zzJLLTMmPonRGitq4SQZkXbqfTq2qjcwYBAdpIgxQOKdR4ei1plBrrkFvVoEB8 q2vbQwEw2MnpbWw/zD1+5c71DDkLp99pFn0sZVV3glq/rpTFlLDdYEeu3UrHQiuA 1TkqBhGPDA2MDEctOBqddR8RjOGc97i3qrBXEyBT3QJ0Dm2yHrr8NMcTFR32gI4M yRLrYdXpzFsMIwcVE1/BODT7EXgFgfotT6W4msEVwtBWAlrYwh4= =hcam -----END PGP SIGNATURE-----